Firewall Wizards mailing list archives

Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )


From: "Paul D. Robertson" <proberts () patriot net>
Date: Mon, 26 Aug 2002 09:15:15 -0400 (EDT)

On Mon, 26 Aug 2002, B. Scott Harroff wrote:

loss. Commensurate discipline would be a slap on the hand.  If Jim surfs to
a porn site (often) and Jane who sees this feels sexually offended and
harassed, and the company does not follow up with stopping folks like Jim,
the company could face an embarrassing and expensive lawsuit....

Actually, I think it's not necessarily good to stop "folks like Jim-" the 
"bad apple" defense means you *must* stop Jim once he's reported.  
However, if you put in a mechanism and it has flaws, you could be more 
liable for the things that get through than you are if you don't try.  
Suddenly you've placed yourself in the position of an editor, and legally, 
not trying and not failing is different than trying and failing.

Agreed on both counts.  Not taking action can be very expensive though.....

As important as taking action is *when* you take action- and preemptive 
strikes can cost you in court where post-event action won't.  About the 
only preemptive action that seems to have not landed anyone in hot water 
is training.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

